
Saturday, May 7, 2011

Buby Script Basics Part 1

For those of you who are new to Buby, it is a platform for writing Ruby-based extensions for the Burp Suite API, and I'm going to attempt to cover some of the basics. First, let me say thank you to Tebo for providing his insight. Tebo is the author of the Buby.kicks_ass => true article. Additionally, thank you to Eric Monti, the creator of Buby. Buby's homepage is located Here.

Installing:

Although you can write Ruby code, this is a JRuby Gem. What does this mean? It means that the code execution environment is JRuby (Java+Ruby) and the Gem should be installed in the JRuby environment.

Let's install JRuby first:

Next, install the Buby Gem.

Basic example of running a script:

The options you see, explained:

jruby -S buby => runs the jruby environment leveraging the buby gem

-i => interactive, this means you can interact with Burp from the console.

-B => this is the location of your Burp jar file

-r => the script you'd like to run. This is an easy way to run the Buby code you've created.

Finally, an example of sending a command to Burp via the -i (interactive) option. Here we produce an alert, "Hello World".

Pre-command

Command

Post Command

Okay so that wraps up Part 1 of Buby Basics.

If you'd like some scripts to mess around with before Part 2, you can find some scripts I put together Here.

Buby 1.3.3 seems to have issues; I usually revert to Buby 1.3.1 (gem install buby --version=1.3.1). Also, the latest version of Burp has broken Buby AFAICT, so if you want to use Buby (before it is fixed or a new maintainer steps forward), you'll have to leverage a pre-1.5 version of Burp, IIRC.